updating local()

Sybren Stuvel sybrenUSE at YOURthirdtower.com.imagination
Wed Oct 5 18:47:06 CEST 2005

Flavio enlightened us with:
> Can anyone tell me why, if the following code works, I should not do
> this?
> def fun(a=1,b=2,**args):
> 	print 'locals:',locals()
> 	locals().update(args)
> 	print locals()

Because it's very, very, very insecure. What would happen if someone
found a way to call that function? It could replace any name in the
locals dictionary, including functions from __builtins__. In other
words: probably the whole program could be taken over by other code by
just one call to that function.

The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself? 
                                             Frank Zappa
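
Added example, not part of the original thread: what the posted locals().update(args) pattern does on CPython 3 inside a function and at module scope, next to a version that accepts only an allowlist of keyword names. ALLOWED, the option names and the function names are assumptions made for this illustration.

```python
# Added illustration; names below (ALLOWED, fun_filtered, ...) are hypothetical.
ALLOWED = {"timeout", "retries"}  # assumed option names, not from the thread


def fun_unfiltered(a=1, b=2, **args):
    """The posted pattern: merge caller-supplied names into locals()."""
    total = a + b
    locals().update(args)      # inside a function this dict is only a snapshot
    return total, len("abc")   # so 'total' and 'len' keep their real bindings


def module_level_update(args):
    """The same call at module scope, where locals() is the live namespace."""
    ns = {"args": args}
    exec("locals().update(args)\nresult = len('abc')", ns)
    return ns["result"]        # a supplied 'len' shadows the builtin here


def fun_filtered(a=1, b=2, **args):
    """Hardened form: reject unknown names, keep options in an explicit dict."""
    unknown = set(args) - ALLOWED
    if unknown:
        raise TypeError(f"unexpected keyword arguments: {sorted(unknown)}")
    options = {"timeout": 30, "retries": 3}
    options.update(args)
    return a + b, options


if __name__ == "__main__":
    fake_len = lambda s: -1    # constructed stand-in for caller-controlled input
    print(fun_unfiltered(total=99, len=fake_len))
    print(module_level_update({"len": fake_len}))
    print(fun_filtered(timeout=5))
```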
